Posted Mar 31, 2011 2:44 UTC (Thu) by jengelh (subscriber, #33263)
Parent article: Fighting fork bombs
>once a process exits, all of its children are reparented to the init process. That causes a flattening of the tree structure and makes it hard to identify all of the processes involved in the attack.
Eh.. this sounds very much like a case that cgroups can handle. systemd is said to use them already to kill all processes spawned from a master even if the children have detached and reparented (think sshd).
Given that, the oom-killer may be tuned to group killable targets by cgroup rather than just tgid/tid.